fix sepolicy patch hint (#2872)

2025-11-06 10:14:54 +08:00
parent fd60cda3b3
commit 91312effba
2 changed files with 9 additions and 9 deletions
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -194,7 +194,7 @@ static int get_object(char *buf, char __user *user_object, size_t buf_sz,
    }
    if (strncpy_from_user(buf, user_object, buf_sz) < 0) {
-        return -1;
+        return -EINVAL;
    }
    *object = buf;
@@ -223,7 +223,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
    struct policydb *db;
    if (!arg4) {
-        return -1;
+        return -EINVAL;
    }
    if (!getenforce()) {
@@ -270,7 +270,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
    struct sepol_data data;
    if (copy_from_user(&data, arg4, sizeof(struct sepol_data))) {
        pr_err("sepol: copy sepol_data failed.\n");
-        return -1;
+        return -EINVAL;
    }
    sepol1 = data.field_sepol1;
    sepol2 = data.field_sepol2;
@@ -287,7 +287,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
    db = get_policydb();
-    int ret = -1;
+    int ret = -EINVAL;
    if (cmd == CMD_NORMAL_PERM) {
        char src_buf[MAX_SEPOL_LEN];
        char tgt_buf[MAX_SEPOL_LEN];
@@ -328,7 +328,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
        } else {
            pr_err("sepol: unknown subcmd: %d\n", subcmd);
        }
-        ret = success ? 0 : -1;
+        ret = success ? 0 : -EINVAL;
    } else if (cmd == CMD_XPERM) {
        char src_buf[MAX_SEPOL_LEN];
@@ -373,7 +373,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
        } else {
            pr_err("sepol: unknown subcmd: %d\n", subcmd);
        }
-        ret = success ? 0 : -1;
+        ret = success ? 0 : -EINVAL;
    } else if (cmd == CMD_TYPE_STATE) {
        char src[MAX_SEPOL_LEN];
--- a/userspace/ksud/src/sepolicy.rs
+++ b/userspace/ksud/src/sepolicy.rs
@@ -702,10 +702,10 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>, strict: bool) -> Resul
            cmd: 0,
            arg: &ffi_policy as *const _ as u64,
        };
-        if crate::ksucalls::set_sepolicy(&cmd).is_err() {
+        if let Err(e) = crate::ksucalls::set_sepolicy(&cmd) {
-            log::warn!("apply rule: {statement:?} failed.");
+            log::warn!("apply rule {:?} failed: {}", statement, e);
            if strict {
-                return Err(anyhow::anyhow!("apply rule {:?} failed.", statement));
+                return Err(anyhow::anyhow!("apply rule {:?} failed: {}", statement, e));
            }
        }
    }